Is writing code using AI always the right thing to do?

About a year ago, Kirill Efimov — who leads our Engine team — approached Tomer Cohen and said: “The team is working steadily with Cursor, but I’m starting to notice more and more code review issues, especially in sensitive areas of the code. These are places that require delicate handling — either manually, or at least with close collaboration with the AI. It’s not something you can just ‘let run.’”

I asked him, “What do you need to make it better?”

He thought for a moment and replied: “For starters, if I knew which parts of the code were written by AI and which were done manually, that would help. And if I could also see the prompts that were used, we could learn what works well and what doesn’t.”

I loved that idea. It’s like git blame — but for AI. So, we decided to build it.

We created a lightweight IDE plugin that tracks AI-generated code, paired with a small server that cross-references what’s seen in the IDE with what’s committed in the repo.

The result: Every pull request now includes a visual (like in the image) showing exactly which segments were created with AI, along with the tool, model, and prompt used by the developer.

This allowed Kirill Efimov and the team to quickly focus on the most sensitive AI-written code during reviews. And because we also save the prompts, the team learned which ones produce great results — and which don’t. It’s helped everyone refine their AI development strategy and understand when a prompt is too broad or not task-specific enough.

Now it’s your turn 👇 We’re opening the tool to a limited number of beta users. If you’d like to see this kind of insight on your own code, comment below and we’ll add you to the beta!
Mobb
Computer and Network Security
Acton, MA 2,935 followers
Trusted, Automatic Vulnerability Fixer
About us
Mobb lets organizations take control of securing applications with trusted, automated fixes that are informed and verified by the developers who own the source code. Organizations are able to act fast to significantly reduce the chances of being impacted by a security vulnerability exploit. CISOs can finally start reporting reductions in vulnerability backlogs, security teams can streamline processes and policies, and developers can quickly execute fixes with more trust and less friction.
- Website: https://mobb.ai/
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Acton, MA
- Type: Privately Held
- Founded: 2021
- Specialties: application security, DevSecOps, cyber security, vulnerability remediation, appsec, and automated vulnerability remediation
Locations
- Primary: Acton, MA 01720, US
- Kfar Saba, IL
Updates
-
🎟️ Win a FREE ticket to Global OWASP DC Conference (worth $1,295)! 🎟️
We’re heading to the OWASP® Foundation event in DC and giving away one ticket to join us there, and all you have to do is fix open source vulnerabilities using Mobb between now and October 31. The winner will be the person who fixes the most.
To qualify:
🔹 You can register for free to use Mobb when contributing to open source projects.
🔹 Use your preferred SAST scanner from our supported list and upload the report to Mobb to fix the findings.
🔹 Or, simply run this command to scan with Opengrep and fix automatically with Mobb:
    npx mobbdev@latest analyze -r [repo-URL] --ref [REF e.g. main]
We’ll announce the winner right after Halloween 👻 See you at OWASP DC!
#OWASP #AppSec #AI #SecureCoding #OpenSource #MobbAI
-
Vibe Coding apps are powerful tools for building internal enterprise applications - from marketing and finance to HR and operations. Here’s a practical security tip for your builders 👇
🔒 Here’s the most important security tip for Base44 builders:
Your customers’ data is probably the most important thing to protect. We often see cases - some of them critical - where sensitive data is exposed to anyone.
The simplest (and most common) example:
🌐 A public landing page that collects contact information. When you ask Base’s agent to build this, it creates an entity in your app’s database, usually called “Contact”, where the submitted data is stored. If you don’t restrict access to this entity ⚠️ That data is exposed to anyone with a browser.
So what should you do? Let’s think about what should be allowed here: It’s a public contact form, so anyone should be able to WRITE data (submit the form). But only the website's owners - admin users - should be able to READ that data.
These are called Row Level Security (RLS) settings - and you can configure them right in the Base44 dashboard under “Security” (see image below).
📅 In our upcoming webinar on October 22 (Mobb x Base44), we’ll go hands-on: Build apps together => See where security needs your attention => Learn how to fix it.
👉 Save your spot! (link in the comments)
-
Mobb reposted this
🚀 Exciting news from Mobb! We’re proud to announce our new partnership with ArmorCode Inc. ArmorCode is a leading #ASPM platform, helping teams prioritize and remediate security issues at scale. Now, with Mobb automatically fixing SAST issues, developers can get state-of-the-art code fixes directly inside the ArmorCode UI. No need to “ask the AI” or wait around for suggestions - once the integration is set up, fixes are generated instantly and ready to merge. In just 3 seconds you can open a PR, or pull the fix into your IDE and apply it on your own terms. Just grab it and go! 👉 ArmorCode's customers? Head to the integrations page to activate Mobb and start seeing fixes for your SAST findings today.
-
We’re excited to announce a new partnership between Mobb and ArmorCode Inc. bringing together the best of remediation and ASPM.
#ASPM platforms like ArmorCode are where developers and security teams already live, centralizing and prioritizing vulnerabilities across tools. They have become the backbone of modern #AppSec programs.
Now ArmorCode customers get comprehensive remediation coverage. Mobb’s integration adds specialized SAST expertise for enterprise scanners, in addition to Anya - ArmorCode’s AI assistant - which provides flexible coverage for other finding types and tools. The result? You always have a path to remediation, regardless of your security tooling.
Together, we’re making it possible to deliver fixes directly where developers need them:
🔹 Instant, automatic fixes the moment findings arrive
🔹 Batch remediation across many issues, not one by one
🔹 Trusted, ready-to-merge results developers don’t have to second-guess
With this partnership, ArmorCode customers can activate Mobb inside the platform today and start delivering secure code faster.
#ASPM #AutoRemediation #BetterTogether #DevSecOps
-
🎉 We’re proud to announce that Gartner’s Innovation Insight: AI Code Security Assistants (ACSAs), published on 29 August 2025, has named Mobb as a representative provider. Gartner predicts that by 2027, 80% of organizations will augment static application security testing with AI code security assistants. The reason is clear: vulnerabilities must be fixed, not just found. In the era of vibe coding with tools like #Copilot, #Cursor, and #Windsurf, this is mission-critical. Unfixed vulnerabilities can spread at machine speed. ✅ Mobb automatically generates predictable, developer-ready fixes from findings across both commercial and open-source scanners, and even offers direct scanning with an open-source engine. Fixes are delivered right in the IDE, ensuring security without slowing down development. 🔗 Read more about Gartner’s recognition and how Mobb makes vibe coding secure: https://lnkd.in/eNNkUMs4 #AppSec #ACSA #DevSecOps #VibeCoding #Cybersecurity #Gartner
-
🚨 Backlogs Are No Longer Static Debt
Security backlogs used to sit quietly. With AI coding assistants shaping new code, unfixed vulnerabilities are now being recycled into your company’s training set.
What this means
❌️ Old vulnerabilities become amplifiers of future issues
📈 Insecure patterns get replicated at scale
👉 Fixing findings is foundational, not optional
Read this article by our CEO, Eitan Worcel 🎗 where he explains why inaction becomes amplification and how teams should respond: https://lnkd.in/e9Z-Ji8j
#ApplicationSecurity #DevSecOps #SecureCoding #AI #VibeCoding #CyberSecurity
-
Next-gen security starts here - 💡 See how easy code fixes are with Mobb. Get the edge with smarter fixes, fewer blockers. Read more: https://lnkd.in/eH-R8crv #EasyFix #CodeAutomation #MobbFlow
-
Learn about the importance of rate limiting in #webapplications, the risks associated with its absence, and best practices for implementing effective rate limiting to enhance security and performance. 📖 Learn more: https://shorturl.at/HwIql #AppSec #RateLimiting #DevSecOps
-
We sat down with Robert Kugler, Head of Security & Compliance at Cresta, to talk AI, AppSec, and the real-world value of removing friction from remediation. His biggest challenge? Catching and fixing vulnerabilities before they pile up.
Why Mobb worked:
⏰ Easy setup (like, minutes)
🚀 10x faster vulnerability remediation
🔧 Lowered the barrier for fixing legacy code
👩‍💻 Scaled fixes without disrupting workflows
Legacy code? Under-resourced security teams? Massive backlogs? Then you should check out #Mobb.
🧠 Full Q&A here → https://shorturl.at/1a0Qi
#AppSec #DevSecOps #Cybersecurity